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DETAILED ACTION 

1 . Claims 1-75 have been presented for examination. Claims 33 - 36 and 71 - 75 
have been canceled; claims 20 - 25, 27, 29, 37, 39, 41 , 61 and 64 have been amended; 
in an amendment filed 9/10/2004. Claims 1 - 32 and 37 - 70 have been examined. 

Response to Arguments 

2. Applicant's arguments with respect to the subject matter of the instant pending 
claims have been fully considered but are not persuasive. 

3. As per claim 1 , Applicant remarks "Farber do not describe formulating a 
descriptor corresponding to the replica resource and comparing the formulated 
descriptor with the cached descriptor", and then if the formulated descriptor and the 
cached descriptor are not equivalent, formulating a second descriptor corresponding to 
the original resource and comparing the formulated descriptor with the second 
descriptor". Examiner notes (a) Farber discloses providing Verify True File mechanism 
to verify that the data item in a True File registry is indeed the correct "data item" given 
its "True Name" (Farber: inter alia, Column 31 Line 26 - 33), (b) Farber defines a True 
Name is computed using a function, MD (Message Digest - equivalent to CRC), to 
guarantee representing the data block and only data block (Farber: inter alia, Column 
12 Line 38-43). Therefore, the "True Name" is qualified as a "Descriptor", (c) Farber 
also discloses the system caches "data items" (i.e. True Name // Descriptor), so that 
only the most recently accessed data items need to be retained (Farber: inter alia, 
Column 3 Line 56 - 57). (d) Farber disclose data items (i.e. True Name // Descriptor) 
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can be verified and have their integrity check to ensure that they match the stored True 
Names and any change in a True Name potentially signals corruption in the system and 
can be further investigated (Farber: inter alia, Column 34 Line 45 - 55). (e) Farber 
further discloses if an error is found (i.e. the file is corrupted), the system "has the ability 
to heal itself by finding another source for the True File with the given name (Farber: 
inter alia, Column 31 Line 31 - 33: This must require formulating a second descriptor 
(i.e. second True Name // Descriptor) corresponding to the original resource (i.e. 
another source that holds the original true file) so that the validation of original 
uncorrupted file can be conducted). Therefore, Farber indeed teaches formulating a 
descriptor corresponding to the replica resource and comparing the formulated 
descriptor with the cached descriptor (i.e. True Name of Farber's) ", and then if the 
formulated descriptor and the cached descriptor are not equivalent, formulating a 
second descriptor corresponding to the original resource and comparing the formulated 
descriptor with the second descriptor" (i.e. (d) & (,e) as addressed above). 
4. As per claim 20, Applicant asserts "Farber does not disclose a security 
component in a computing device remote to the network server (newly added in the 
amendment) and registerable with the server component during run-time". Examiner 
notes Farber discloses a Remote Mechanism to enable the capabilities of the present 
invention in a peer-to-peer network mode of operation to access the True File registry 
through the Remote Procedure Call (RPC) style interface running over many available / 
existing protocols" (Farber: inter alia, Column 23 Line 14-44). The RPC (Remote 
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Procedure Call) is inherently assured that the client must be registered with the server 
system during the run-time first before the further communications can really start. 

5. As per claim 14, Applicant remarks "Brothers does not describe a security 
component that is registerable with the server component during run-time to determine 
whether a request will pose a security risk". Examiner notes "a security risk" is 
interpreted as "permit an unauthorized access to the resource". Therefore, Brother 
discloses validating the request for resource is authorized or not (Brother: inter alia, 
Figure 8 Element S1 1 and Paragraph [0109] Line 10-27) can indeed meet the claim 
language. Although the claims are interpreted in light of the specification, limitations 
from the specification are not read into the claims. Furthermore, a process / task 
(security component) is inherently registered with the RTOS (Real Time Operating 
System) in a multi-tasking operating environment when the respective process / task is 
invoked / initiated during the run-time after system powers up. 

6. As per claim 1 7 and 1 9, Applicant remarks "Brothers does not disclose 
determining if a total number of characters defining all of the arguments do not exceed a 
maximum number of characters". Examiner notes the maximum number of characters 
herein is interpreted as the total number of characters aggregated from the maximum 
number of characters at each individual field. Therefore, the proper format checking of 
each individual arguments do not exceed a maximum number of characters (Brother: 
inter alia, Paragraph [0170]) is inherently validating and assuring a total number of 
characters defining all of the arguments do not exceed a maximum number of 
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characters. Although the claims are interpreted in light of the specification, limitations 
from the specification are not read into the claims. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

7. Claim 1 - 8, 20 - 24, and 45 - 54 are rejected under 35 U.S.C. 1 02(e) as being 
anticipated by Farber (Patent Number: US 6415280 B1 ), hereinafter referred to as 
Farber. 

8. As per claim 1 , Farber discloses a network system comprising: 

a. a first device to maintain an original resource (Farber: inter alia, Column 43 Line 
59-61); 

b. a second device to maintain a replica resource remotely from the first device, the 
replica resource being replicated from the original resource (Farber: inter alia, Column 
43 Line 59-61); 

c. memory to store a cached descriptor corresponding to the original resource 
(Farber: inter alia, Column 12 Line 38 - 43, Column 3 Line 56 - 57, Column 39 Line 24 
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- 25 and Figure 1(b): Applicant defines a Descriptor can be a hash function of the 
resource, a calculated checksum (CRC) or any other functional identifier that can be 
formulated to provide a basis for comparison of different instantiations of a resource. 
Farber teaches that a "True Name" of a data item (for example, files, database records 
and the like) obtained by computing a MD, or a hash function, is virtually guaranteed to 
represent the given data item and only that particular data item. Therefore, a True 
Name is qualified as a Descriptor and both of them are served as resource unique 
identifiers); 

d. a security component to determine whether the replica resource will pose a 
security risk to the second device upon receipt of a request for the replica resource, the 
security component (Farber: inter alia, Column 34 Line 45 - 49 and Column 43 Line 62 
-64): 

e. formulating a descriptor corresponding to the replica resource and comparing the 
formulated descriptor with the cached descriptor (Farber: inter alia, Column 31 Line 27 - 
30 and Column 37 Line 36 - 42); and 

f. if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to the original resource and comparing 
the formulated descriptor with the second descriptor (Farber: inter alia, Column 3 Line 
35 - 38 and Column 31 Line 31 - 33: (a) Farber discloses providing Verify True File 
mechanism to verify that the data item in a True File registry is indeed the correct "data 
item" given its "True Name" (Farber: inter alia, Column 31 Line 26 - 33), (b) Farber 
defines a True Name is computed using a function, MD (Message Digest - equivalent to 
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CRC), to guarantee representing the data block and only data block (Farber: inter alia, 
Column 12 Line 38 - 43). Therefore, the "True Name" is qualified as a "Descriptor", (c) 
Farber also discloses the system caches "data items" (i.e. True Name // Descriptor), so 
that only the most recently accessed data items need to be retained (Farber: inter alia, 
Column 3 Line 56 - 57). (d) Farber disclose data items (i.e. True Name // Descriptor) 
can be verified and have their integrity check to ensure that they match the stored True 
Names and any change in a True Name potentially signals corruption in the system and 
can be further investigated (Farber: inter alia, Column .34 Line 45 - 55). (e) Farber 
further discloses if an error is found (i.e. the file is corrupted), the system "has the ability 
to heal itself by finding another source for the True File with the given name (Farber: 
inter alia, Column 31 Line 31 - 33: This must require formulating a second descriptor 
(i.e. second True Name // Descriptor) corresponding to the original resource (i.e. 
another source that holds the original true file) so that the validation of original 
uncorrupted file can be conducted). Therefore, Farber indeed teaches formulating a 
descriptor corresponding to the replica resource and comparing the formulated 
descriptor with the cached descriptor (i.e. True Name of Farber's) ", and then if the 
formulated descriptor and the cached descriptor are not equivalent, formulating a . 
second descriptor corresponding to the original resource and comparing the formulated 
descriptor with the second descriptor" (i.e. (d) & (e) as addressed above). 
9. As per claim 2, Farber teaches the claimed invention as described above (see 
claim 1 ). Farber further teaches the security component determines that the replica 
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resource is not a security risk if the formulated descriptor and the cached descriptor are 
equivalent (Farber: inter alia, Column 37 Line 12 - 13 and Figure 28). 

10. As per claim 3, Farber teaches the claimed invention as described above (see 
claim 1 ). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are 
equivalent, the security component determines that the replica resource is not a security 
risk (Farber: inter alia, Column 37 Line 13-14 Figure 28). 

11. As per claim 4, Farber teaches the claimed invention as described above (see 
claim 1 ). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are 
equivalent, the security component determines that the replica resource is not a security 
risk, and the cached descriptor is replaced with the second descriptor (Farber: inter alia, 
Column 25 Line 57-61 and Column 37 Line 13-17). 

12. As per claim 5, Farber teaches the claimed invention as described above (see 
claim 1 ). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are not 
equivalent, the security component determines that the replica resource is a security 
risk, and the replica resource is replaced with a copy of the original resource (Farber: 
inter alia, Column 37 Line 51 - 52 and Column 31 Line 31 - 32). 

1 3. As per claim 6, Farber teaches the claimed invention as described above (see 
claim 1 ). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are; not 
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equivalent, the security component determines that the replica resource is a security 
risk, the replica resource is replaced with a copy of the original resource, and the 
cached descriptor is replaced with the second descriptor (Farber: inter alia, Column 37 
Line 33 - 35). 

14. As per claim 7, Farber teaches the claimed invention as described above (see 
claim 1 ). Farber further teaches the security component formulates the cached 
descriptor when the. original resource is replicated to create the replica resource 
(Farber: inter alia, Column 37 Line 33 - 35). 

15. As per claim 8, Farber teaches the claimed invention as described above (see 
claim 1 ). Farber further teaches the security component is configured to determine 
whether the request will pose a security risk to the second device (Farber: inter alia, 
Column 34 Line 48 - 50). 

16. As per claim 20, Farber discloses a network server system comprising: 

a. a server component in a network server to receive a request for a resource 
maintained on the network server and, in response to the request, implement security 
policies to prevent unauthorized access to the resource (Farber: inter alia, Column 25 
Line 26 - 28); and 

b. a security component in a computing device remote to the network server and 
registerable with the server component during run-time to determine whether the 
resource will pose a security risk to the network server upon receipt of the request 
(Farber: inter alia, Column 43 Line 62 - 63 and Column 34 Line 45 - 49: Farber 
discloses a Remote Mechanism to enable the capabilities of the present invention in a 



Application/Control Number: 09/751 ,016 Page 10 

Art Unit: 2131 

peer-to-peer network mode of operation to access the True File registry through the 
Remote Procedure Call (RPC) style interface running over many available / existing 
protocols" (Farber: inter alia, Column 23 Line 14 - 44). The RPC (Remote Procedure 
Call) is inherently assured that the client must be registered with the server system 
during the run-time first before the further communications can really start). 

17. As per claim 21 , Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches if the security component determines that the 
resource will pose a security risk, the security component redirects the request to 
indicate: that the resource is not available (Farber: inter alia, Column 25 Line 26 - 28). 

18. As per claim 22, Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches: 

a. the security component: formulates a descriptor corresponding to the resource; 
compares the formulated descriptor with a cached descriptor, the cached descriptor 
corresponding to the resource and formulated when the resource is initially requested 
(Farber: inter alia, Column 31 Line 27 - 30, Column 37 Line 36 - 42, Column 14 Line 26 
- 30 and Column 3 Line 56 - 57); and 

b. determines that the resource is not a security risk if the formulated descriptor and 
the cached descriptor are equivalent (Farber: inter alia, Column 37 Line 12-13 and 
Figure 28). 

19. As per claim 23, Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches: 
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a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36-42, and Column 1 4 Line 26 - 30); 

b. if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 
file server remotely located from the network server, the resource being replicated from 
the original resource (Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 

c. compares the formulated descriptor with the second descriptor; and determines 
that the resource is not a security risk if the formulated descriptor and the second 
descriptor are equivalent (Farber: inter alia, Column 37 Line 13-14 and Figure 28). 
20. As per claim 24, Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches: 

a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36-42, and Column 14 Line 26 - 30); 

b. if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 
file server remotely located from the network server, the resource being replicated from 
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the original resource (Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 

c. compares the formulated descriptor with the second descriptor; if the formulated 
descriptor and the second descriptor are not equivalent, initiates that the resource 
stored on the network server be replaced with a copy of the original resource 
maintained on the file server (Farber: inter alia, Column 37 Line 51 - 52 and Column 31 
Line 31 - 32); and 

d. initiates that the cached descriptor be replaced with the second descriptor 
(Farber: inter alia, Column 37 Line 33 - 35). 

21 . As per claim 45, Farber discloses a method comprising: 

a. receiving a request for a replica resource stored on a computing device ((Farber, 
see inter alia, Column 43 Line 58 - 62); 

b. formulating a descriptor corresponding to the replica resource; comparing the 
formulated descriptor with a cached descriptor corresponding to an original resource 
stored on a second computing device remotely located from the computing device, the 
replica resource being replicated from the original resource (Farber, see inter alia, 
Column 31 Line 27 - 30 and Column 37 Line 36 - 42); 

c. determining that the replica resource does not pose a security risk if the 
formulated descriptor and the cached descriptor are equivalent (Farber, see inter alia, 
Column 37 Line 12-13 and Figure 28); 
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d. if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to the original resource; comparing the 
formulated descriptor with the second descriptor; and determining that the replica 
resource does not pose a security risk if the formulated descriptor and the second 
descriptor are equivalent (Farber, see inter alia, Column 37 Line 13-14 and Figure 28). 

22. As per claim 46, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches allowing the request if said determining that the 
replica resource does not pose a security risk to the computing device (Farber, see inter 
alia, Figure 28). 

23. As per claim 47, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches redirecting the request to indicate that the replica 
resource is not available if determining that the replica resource poses a security risk to 
the computing device (Farber, see inter alia, Figure 28). 

24. As per claim 48, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches replacing the cached descriptor with the second 
descriptor if the formulated descriptor and the second descriptor are equivalent (Farber, 
see inter alia, Column 25 Line 57-61 and Column 37 Line 13-17). 

25. As per claim 49, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches replacing the replica resource with a copy of the 
original resource if the formulated descriptor and the cached descriptor are not 
equivalent, and if the formulated descriptor and the second descriptor are not equivalent 
(Farber, see inter alia, Column 37 Line 51 - 52 and Column 31 Line 31 - 32). 



Application/Control Number: 09/751 ,01 6 Page 1 4 

Art Unit: 2131 

26. As per claim 50, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches replacing the cached descriptor with the second 
descriptor if the formulated descriptor and the cached descriptor are not equivalent, and 
if the formulated descriptor and the second descriptor are not equivalent (Farber, see 
inter alia, Column 37 Line 33 - 35). 

27. As per claim 51 , Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches formulating the cached descriptor when the original 
resource is replicated to create the replica resource (Farber, see inter alia, Column 37 
Line 33 - 35). 

28. As per claim 52, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches formulating the cached descriptor when the replica 
resource is initially requested (Farber, see inter alia, Column 14 Line 26 - 30 and 
Column 3 Line 56 - 57). 

29. As per claim 53, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches determining whether the request will pose a security 
risk (Farber, see inter alia, Column 34 Line 45 - 50 and Column 31 Line 30). 

30. As per claim 54, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches determining whether the request will pose a security 
risk; and redirecting the request to indicate that the replica resource is not available if 
determining that the request poses a security risk to the computing device (Farber, see 
inter alia, Figure 28). 
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31. Claim 14 - 19 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Brothers (Publication Number: US 2002/0083178), hereinafter referred to as Brothers. 

32. As per claim 14, Brothers discloses a network server comprising: 

a. a server component to receive a request for a resource maintained on the 
network server and, in response to the request, implement security policies to prevent 
unauthorized access to the resource; and a security component that is registerable with 
the server component during run-time to determine whether the request will pose a 
security risk to the network server (Brothers, see inter alia, Page 12 Parag. 0109 Line 
10 - 13 and Figure 8: "a security risk" is interpreted as "permit an unauthorized access 
to the resource". Therefore, Brother discloses validating the request for resource is 
authorized or not (Brother: inter alia, Figure 8 Element S1 1 and Paragraph [0109] Line 
10-27) can indeed meet the claim language. Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. 
Furthermore, a process / task (security component) is inherently registered with the 
RTOS (Real Time Operating System) in a multi-tasking operating environment when the 
respective process / task is invoked / initiated during the run-time after system powers 
up). 

33. As per claim 15, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach if the security component determines that the request 
will pose a security risk, the security component redirects the request to indicate; that 
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the resource is not available (Brothers, see inter alia, Page 12 Parag. 0109 Line 17-21 
and Figure 8). 

34. As per claim 16, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach the request designates a resource locator having a 
resource path, the resource path identifying a location of the resource, and wherein the 
security component determines that the request is not a security risk if the resource 
path does not exceed a maximum number of characters (Brothers, see inter alia, Page 
4 Parag. 0022 Line 1 - 3, Page 16 Parag. 0170 Line 6 - 9 and Figure 13B). 

35. As per claim 17, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach the request designates a resource locator having a 
plurality of arguments, and wherein the security component determines that the request 
is not a security risk if individual arguments do not exceed a maximum number of 
characters, and if a total number of characters defining, all of the arguments do not 
exceed a maximum number of characters (Brothers, see inter alia, Page 16 Parag. 
0170 Line 6-9 and Figure 13B: the maximum number of characters herein is 
interpreted as the total number of characters aggregated from the maximum number of 
characters at each individual field. Therefore, the proper format checking of each 
individual arguments do not exceed a maximum number of characters (Brother: inter 
alia, Paragraph [0170]) is inherently validating and assuring a total number of 
characters defining all of the arguments do not exceed a maximum number of 
characters. Although the claims are interpreted in light of the specification, limitations 
from the specification are not read into the claims). 
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36. As per claim 18, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach the request designates a resource locator having a 
resource identifier, and wherein the security component determines that the request is 
not a security risk if the resource identifier has a valid file extension (Brothers, see inter 
alia, Page 16 Parag. 0170 Line 9 - 10 and Figure 13B). 

37. As per claim 19, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach: 

a. the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the resource and the 
resource path having a resource identifier (Brothers, see inter alia, Page 4 Parag. 0022 
Line 1 - 3); 

b. the security component determines that the request is not a security risk if: the 
resource path does not exceed a maximum number of characters; individual arguments 
do not exceed a maximum number of characters; a total number of characters defining 
all of the arguments do not exceed a maximum number of characters; and the resource 
identifier has a valid file extension (Brothers, see inter alia, Page 16 Parag. 0170 and 
Figure 13B: the maximum number of characters herein is interpreted as the total 
number of characters aggregated from the maximum number of characters at each 
individual field. Therefore, the proper format checking of each individual arguments do 
not exceed a maximum number of characters (Brother: inter alia, Paragraph [0170]) is 
inherently validating and assuring a total number of characters defining all of the 
arguments do not exceed a maximum number of characters. Although the claims are 
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interpreted in light of the specification, limitations from the specification are not read into 
the claims). 



Claim Rejections - 35 (JSC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

38. Claim 9-13 and 55-60 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Farber (Patent Number: US 6415280 B1), hereinafter referred to as 
Farber (as applied to claim 1 and 8 above), in view of Brothers (Publication Number: US 
2002/0083178), hereinafter referred to as Brothers. 

39. As per claim 9, Farber teaches the claimed invention of resource integrity 
validation in regard to security purpose to guard against virus, malicious changes or 
other problems in a client-server and server-server network environment (see claim 8). 
Farber does not expressly teach the request designates a resource locator. Brothers 
further disclose the request designates a resource locator (Brothers, see inter alia, Page 
8 Parag. 0087 Line 1 - 3). 
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40. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Brothers within the system of Farber 
because Brothers discloses the resource access in the distributed network environment 
through a secure universal resource locator (URL) in accordance with the emerging 
internet-based web applications. 

41 . As per claim 10, Farber teaches the claimed invention as described above (see 
claim 8). Brothers further teach the request designates a resource locator having a 
resource path, the resource path identifying a location of the replica resource, and 
wherein the security component determines that the request is not a security risk if the 
resource path does not exceed a maximum number of characters (Brothers, see inter 
alia, Page 4 Parag. 0022 Line 1 - 3, Page 16 Parag. 0170 Line 6 - 9 and Figure 13B). 
Same rational for combination applies here as above in rejecting claim 9. 

42. As per claim 1 1 , Farber teaches the claimed invention as described above (see 
claim 8). Brothers further teach the request designates a resource locator having a 
plurality of arguments, and wherein the security component determines that the request 
is not a security risk if individual arguments do not exceed a maximum number of 
characters, and if a total number of characters defining all of the arguments do not 
exceed a maximum number of characters (Brothers, see inter alia, Page 16 Parag. 
0170 Line 6-9 and Figure 1 3B). Same rational for combination applies here as above 
in rejecting claim 9. 

43. As per claim 12, Farber teaches the claimed invention as described above (see 
claim 8). Brothers further teach the request designates a resource locator having a 
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resource identifier, and wherein the security component determines that the request is 
not a security risk if the resource identifier has a valid file extension (Brothers, see inter 
alia, Page 16 Parag. 0170 Line 9 - 10 and Figure 13B). Same rational for combination 
applies here as above in rejecting claim 9. 

44. As per claim 13, Farber teaches the claimed invention as described above (see 
claim 1 ). Brothers further teach: 

a. the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the replica resource and the 
resource path having a resource identifier (Brothers, see inter alia, Page 4 Parag. 0022 
Line 1 - 3 and Figure 2D); 

b. the security component is configured to determine whether the request will pose 
a security risk to the second device; the security component determines that the request 
is not a security risk if: the resource path does not exceed a maximum number of 
characters; individual arguments do not exceed a maximum number of characters; a 
total number of characters defining all of the arguments do not exceed a maximum 
number of characters; and the resource identifier has a valid file extension (Brothers, 
see inter alia, Page 16 Parag. 0170 Line 9-10 and Figure 13B). 

45. Same rational for combination applies here as above in rejecting claim 9. 

46. As per claim 55, Farber teaches the claimed invention of resource integrity 
validation in regard to security purpose to guard against virus, malicious changes or 
other problems in a client-server and server-server network environment (see claim 45). 
Farber does not expressly teach uniform resource locator (URL) related subject matters. 
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Brothers further disclose the request designates a resource locator having a resource 
path, the resource path identifying a location of the replica resource, and the method 
further comprising determining that the request does not pose a security risk if the 
resource path does not exceed a maximum number of characters (Brothers, see inter 
alia, Page 4 Parag. 0022 Line 1 - 3, Page 1 6 Parag. 01 70 Line 6 - 9 and Figure 1 3B). 

47. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Brothers within the system of Farber 
because Brothers discloses the resource access in the distributed network environment 
through a secure universal resource locator (URL) in accordance with the emerging 
internet-based web applications. 

48. As per claim 56, Farber teaches the claimed invention as described above (see 
claim 55). Brothers further teach the request designates a resource locator having a 
plurality of arguments, and the method further comprising determining that the request 
does not pose a security risk if individual arguments do not exceed a maximum number 
of characters, and if a total number of characters defining all of the arguments do not 
exceed a maximum number of characters (Brothers, see inter alia, Page 16 Parag. 
0170 Line 6-9 and Figure 13B). Same rational for combination applies here as above 
in rejecting the claim 55. 

49. As per claim 57, Farber teaches the claimed invention as described above (see 
claim 55). Brothers further teach the request designates a resource locator having a 
resource identifier, and the method further comprising determining that the request does 
not pose a security risk if the resource identifier has a valid file extension (Brothers, see 
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inter alia, Page 16 Parag. 0170 Line 9-10 and Figure 13B). Same rational for 
combination applies here as above in rejecting the claim 55. 

50. As per claim 58, Farber teaches the claimed invention as described above (see 
claim 55). Brothers further teach: 

51 . a. the request designates a resource locator having a resource path and 
one or more arguments, the resource path identifying a location of the replica resource 
and the resource path having a resource identifier (Brothers, see inter alia, Page 4 
Parag. 0022 Line 1 - 3 and Figure 2D); 

b. the method further comprising determining that the request does not pose a 
security risk if: the resource path does not exceed a maximum number of characters; 
individual arguments do not exceed a maximum number of characters; a total number of 
characters defining all of the arguments do not exceed a maximum number of 
characters; and the resource identifier has a valid file extension (Brothers, see inter alia, 
Page 1 6 Parag. 01 70 Line 9 - 1 0 and Figure 1 3B). 

52. Same rational for combination applies here as above in rejecting the claim 55. 

53. As per claim 59, Farber teaches the claimed invention as described above (see 
claim 45). The claim recites computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform the 
method of claim 45. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to select a computing device to serve this purpose. 

54. As per claim 60, Farber teaches the claimed invention as described above (see 
claim 58). The claim recites computer-readable medium comprising computer 
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executable instructions that, when executed, direct a computing system to perform the 
method of claim 58. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to select a computing device to serve this purpose. 

55. Claim 25 - 32, 37 - 44 and 61 - 70 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Brothers (Publication Number: US 2002/0083178), hereinafter 
referred to as Brothers, in view of Farber (Patent Number: US 6415280 B1 ), hereinafter 
referred to as Farber. 

56. As per claim 25 and 37, Brothers teach: 

a. an Internet server to receive a request for a resource maintained on the network 
server and, in response to the request, implement security policies to prevent 
unauthorized access to the resource (Brothers, see inter alia, Page 12 Parag. 0109 Line 
10 -13 and Figure 8); 

b. a security component that is registerable with the Internet server during run-time, 
the security component having: a validation component to determine whether the 
request will pose a security risk to the network server by determining if a total number of 
characters defining all of the arguments exceeds a maximum number of characters 
(Brothers, see inter alia, Page 16 Parag. 0170: the checking of individual arguments do 
not exceed a maximum number of characters is inherently validating and assuring a 
total number of characters defining all of the arguments do not exceed a maximum 
number of characters, where the maximum number of characters herein is interpreted 
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as the total number of characters aggregated from the maximum number of characters 
at each individual field). 

57. Brothers do not teach: 

c. an integrity verification component to determine whether the resource will pose a 
security risk to the network server upon receipt of the request. 

58. Farber teaches an integrity verification component to determine whether the 
resource will pose a security risk to the network server upon receipt of the request 
(Farber, see inter alia, Column 34 Line 45 - 50). 

59. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Farber within the system of Brothers 
because Farber discloses resource integrity validation in regard to security purpose to 
guard against virus, malicious changes or other problems in a client-server and server- 
server network environment as part of emerging internet-based applications. 

60. As per claims 26 and 38, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach the request 
designates a resource locator having a resource path, the resource path identifying a 
location of the resource, and wherein the validation component determines that the 
request is not a security risk if the resource path does not exceed a maximum number 
of characters ((Brothers, see inter alia, Page 4 Parag. 0022 Line 1 - 3, Page 16 Parag. 
0170 Line 6-9 and Figure 13B). Same rational for combination applies here as above 
in rejecting claim 25 and 37. 
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61 . As per claims 27 and 39, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach the request 
designates a resource locator having a plurality of arguments, and wherein the 
validation component determines that the request is not a security risk if individual 
arguments do not exceed a maximum number of characters (Brothers, see inter alia, 
Page 16 Parag. 0170 Line 6-9 and Figure 13B). Same rational for combination 
applies here as above in rejecting claim 25 and 37. 

62. As per claims 28 and 40, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach the request 
designates a resource locator having a resource identifier, and wherein the validation 
component determines that the request is not a security risk if the resource identifier 
has a valid file extension (Brothers, see inter alia, Page 16 Parag. 0170 Line 9-10 and 
Figure 13B). Same rational for combination applies here as above in rejecting claim 25 
and 37. 

63. As per claims 29 and 41 , Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach: 

a. the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the resource and the 
resource path having a resource identifier (Brothers, see inter alia, Page 4 Parag. 0022 
Line 1 - 3 and Figure 2D); and 

b. the validation component determines that the request is not a security risk if the 
resource path does not exceed a maximum number of characters; individual arguments 
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do not exceed a maximum number of characters; and the resource identifier has a valid 
file extension (Brothers, see inter alia, Page 16 Parag. 0170 and Figure 13B). 

64. Same rational for combination applies here as above in rejecting the claim 25 
and 37. 

65. As per claims 30 and 42, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Farber further teach: 

66. a. formulates a descriptor corresponding to the resource; compares the 
formulated descriptor with a cached descriptor, the cached descriptor corresponding to 
the resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36-42, Column 14 Line 26 - 30 and Column 
3 Line 56 - 57); and 

67. b. determines that the resource is not a security risk if the formulated 
descriptor and the cached descriptor are equivalent (Farber: inter alia, Column 37 Line 
12 -13 and Figure 28). 

68. Same rational for combination applies here as above in rejecting the claim 25 
and 37. 

69. As per claims 31 and 43, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Farber further teach: 

a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36 - 42, and Column 14 Line 26 - 30); 
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b. if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 
file server remotely located from the network server, the resource being replicated from 
the original resource (Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 

c. compares the formulated descriptor with the second descriptor; and determines 
that the resource is not a security risk if the formulated descriptor and the second 
descriptor are equivalent (Farber: inter alia, Column 37 Line 13-14 and Figure 28). 

70. Same rational for combination applies here as above in rejecting the claim 25 
and 37. 

71 . As per claims 32 and 44, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Farber further teach: 

a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36 - 42, and Column 14 Line 26 - 30); 

b. if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 
file server remotely located from the network server, the resource being replicated from 
the original resource (Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 
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c. compares the formulated descriptor with the second descriptor; if the formulated 
descriptor and the second descriptor are not equivalent, initiates that the resource 
stored on the network server be replaced with a copy of the original resource 
maintained on the file server (Farber: inter alia, Column 37 Line 51 - 52 and Column 31 
Line 31 - 32); and 

d. initiates that the cached descriptor be replaced with the second descriptor 
(Farber: inter alia, Column 37 Line 33 - 35). 

72. Same rational for combination applies here as above in rejecting the claim 25 
and 37. 

73. As per claim 61 , Brothers teach: 

a. receiving a request for a resource (Brothers, see inter alia, Figure 2D); 

b. implementing security policies to prevent unauthorized access to the resource 
(Brothers, see inter alia, Figure 8); 

c. determining whether the request will pose a security risk by determining if a total 
number of characters defining all of the arguments of the request exceeds a maximum 
number of characters (Brothers, see inter alia, Page 16 Parag. 0171 : the checking of 
individual arguments do not exceed a maximum number of characters is inherently 
validating and assuring a total number of characters defining all of the arguments do not 
exceed a maximum number of characters, where the maximum number of characters 
herein is interpreted as the total number of characters aggregated from the maximum 
number of characters at each individual field); 
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74. Brothers do not teach determining whether the resource will pose a security risk 
if allowing the request. 

75. Farber teaches determining whether the resource will pose a security risk if 
allowing the request (Farber, see inter alia, Column 34 Line 45 - 50). 

76. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Farber within the system of Brothers 
because Farber discloses resource integrity validation in regard to security purpose to 
guard against virus, malicious changes or other problems in a client-server and server- 
server network environment as part of emerging internet-based applications. 

77. As per claim 62, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). The claim recites allowing the request for the resource if 
determining that the request does not pose a security risk and if determining that the 
resource does not pose a security risk. Brothers further teach the request can't be 
allowed if determining the request poses a security risk (Brothers, see inter alia, Figure 
8) and subsequently Farber also teaches the access to the resource can't be allowed if 
determining the resource poses a security risk. This is because the True Name (i.e. 
unique resource ID) has been changed (Farber, see inter alia, Figure 28). Same 
rational for combination applies here as above in rejecting the claim 61 . 

78. As per claim 63, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). Brothers further teach the request designates a resource locator 
having a resource path, the resource path identifying a location of the resource, and the 
method further comprising determining that the request does not pose a security risk if 
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the resource path does not exceed a maximum number of characters (Brothers, see 
inter alia, Page 4 Parag. 0022 Line 1 - 3, Page 16 Parag. 0170 Line 6 - 9 and Figure 
1 3B). Same rational for combination applies here as above in rejecting the claim 61 . 

79. As per claim 64, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). Brothers further teach the request designates a resource locator 
having a plurality of arguments, and the method further comprising determining that the 
request does not pose a security risk if individual arguments do not exceed a maximum 
number of characters (Brothers, see inter alia, Page 16 Parag. 0170 Line 6-9 and 
Figure 13B). Same rational for combination applies here as above in rejecting the claim 
61. 

80. As per claim 65, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). Brothers further teach the request designates a resource locator 
having a resource identifier, and the method further comprising determining that the 
request does not pose a security risk if the resource identifier has a valid file extension 
(Brothers, see inter alia, Page 16 Parag. 0170 Line 9-10 and Figure 13B). Same 
rational for combination applies here as above in rejecting the claim 61 . 

81 . As per claim 66, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). Farber further teaches: 

a. formulating a descriptor corresponding to the resource; comparing the formulated 
descriptor with a cached descriptor corresponding to the resource and formulated when 
the resource is initially requested (Farber: inter alia, Column 31 Line 27 - 30, Column 
37 Line 36 - 42, Column 14 Line 26 - 30 and Column 3 Line 56 - 57; and 
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82. b. determining that the resource does not pose a security risk if the 
formulated descriptor and the cached descriptor are equivalent (Farber: inter alia, 
Column 37 Line 12 - 13 and Figure 28). 

83. Same rational for combination applies here as above in rejecting the claim 61 . 

84. As per claim 67, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). Farber further teaches: 

a. formulating a descriptor corresponding to the resource; comparing the formulated 
descriptor with a cached descriptor corresponding to the resource and formulated when 
the resource is initially requested (Farber: inter alia, Column 31 Line 27 - 30, Column 
37 Line 36 - 42, and Column 14 Line 26 - 30); 

b. determining that the resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent; if the formulated descriptor and the 
cached descriptor are not equivalent, formulating a second descriptor corresponding to 
an original resource remotely located, the resource replicated from the original source 
(Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 - 33); 

c. comparing the formulated descriptor with the second descriptor; and determining 
that the resource does not pose a security risk if the formulated descriptor and the 
second descriptor are equivalent (Farber: inter alia, Column 37 Line 13-14 and Figure 
28). 

85. Same rational for combination applies here as above in rejecting the claim 61 . 

86. As per claim 68, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). Farber further teaches: 
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87. formulating a descriptor corresponding to the resource; comparing the formulated 
descriptor with a cached descriptor corresponding to the resource and formulated when 
the resource is initially requested (Farber: inter alia, Column 31 Line 27 - 30, Column 
37 Line 36 - 42, Column 14 Line 26 - 30 and Column 3 Line 56 - 57); 

b. determining that the resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent (Farber, see inter alia, Column 37 
Line 12 - 13 and Figure 28); 

c. if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to an original resource remotely located, 
the resource replicated from the original resource (Farber, see inter alia, Column 3 Line 
35 - 38 and Column 31 Line 31 - 33); 

d. comparing the formulated descriptor with the second descriptor; and determining 
that the resource does not pose a security risk if the formulated descriptor and the 
second descriptor are equivalent (Farber, see inter alia, Column 37 Line 13-14 and 
Figure 28); 

e. if the formulated descriptor and the second descriptor are not equivalent, 
replacing the resource with a copy of the original resource and replacing the cached 
descriptor with the second descriptor (Farber, see inter alia, Column 37 Line 51 - 52, 
Column 31 Line 31 - 32 and Column 37 Line 33 - 35). 

88. Same rational for combination applies here as above in rejecting the claim 61 . 

89. As per claim 69, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). The claim recites computer-readable medium comprising 
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computer executable instructions that, when executed, direct a computing system to 
perform the method of claim 61 . It would have been obvious to a person of ordinary 
skill in the art at the time the invention was made to select a computing device to serve 
this purpose. 

90. As per claim 70, Brothers-Farber teaches the claimed invention as described 
above (see claim 68). The claim recites computer-readable medium comprising 
computer executable instructions that, when executed, direct a computing system to 
perform the method of claim 68. It would have been obvious to a person of ordinary 
skill in the art at the time the invention was made to select a computing device to serve 
this purpose. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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